User`s guide
Within any organization, different individuals or groups require access to different resources and applications. For example, marketers may need
to use Facebook for their work, while for other groups it will only waste time and bandwidth.
To enforce policies that control access to resources and allocation of bandwidth, Barracuda Firewall identifies users based on IP address
mapping. Role assignments based on identity and device posture checks can be used within the firewall to facilitate role-based access control
(RBAC).
Barracuda Firewall supports authentication of users and enforcement of user-aware firewall rules, content inspection, and application control
using Active Directory, NTLM, MS CHAP, RADIUS, LDAP/LDAPS as well as authentication with x.509 certificates.
INTRUSION PREVENTION SYSTEM (IPS)
The Barracuda Firewall IPS is tightly integrated in the firewall architecture. It enhances network security by providing comprehensive real-time
network protection against a broad range of network threats, vulnerabilities, exploits and exposures. It also keeps spyware and worms out of the
corporate network in order to prevent fraud and to maintain strict privacy.
When an attack is detected, the Barracuda Firewall either drops the offending packets and sessions (while still allowing all other traffic to pass) or
just logs the intrusion attempt. As part of the Energize Update subscription, signature updates are delivered in near real time as new exploits are
identified, to ensure the Barracuda Firewall is constantly up-to-date and aware of the latest threats and vulnerabilities.
BARRACUDA WEB SECURITY SERVICE
By moving CPU-intensive malware scanning and URL filtering tasks to the Barracuda Web Security cloud infrastructure, the Barracuda Firewall
extends the capacity of onpremises compute resources. With virtually unlimited cloud resources, the Barracuda Firewall has the elasticity to scale
dynamically as security needs change. Reporting is also handled in the cloud, further improving resource efficiency.
In addition, cloud integration ensures that signature libraries and threat definitions are always up to date - even as whole new threat categories
emerge, your protection continues without interruption, unlike that provided by legacy firewalls, which must be replaced each time they need to
defend against a new kind of threat.
LINK OPTIMIZATION TECHNOLOGY
To ensure the best and most cost efficient connectivity, the Barracuda Firewall provides a wide range of built-in uplink options such as unlimited
leased lines, up to six DHCP, up to four xDSL, and up to two ISDN and UMTS connections.
By eliminating the need to purchase additional devices for uplink balancing, security conscious customers will have access to a WAN connection
that never goes down, even if one or two of the existing WAN uplinks are severed.
Automatic failover ensures the next best uplink is activated on the fly, and all traffic is rerouted to make full use of the remaining links. Predefined
load balancing policies make it particularly easy to share the bandwidth of multiple uplinks, and can prioritize specific application traffic or assign it
to a specific link.
CENTRALIZED MANAGEMENT VIA THE CLOUD
Every Barracuda Firewall is integrated with Barracuda Cloud Control (BCC), which allows organizations to manage all their Barracuda Firewalls
(along with most other Barracuda Networks solutions) through a single, consistent interface. This gives administrators a global view of all of their
devices and ensures they are provisioned with the latest firmware, definitions, and security policies.
Combined with the configuration of Barracuda Web Security settings and reporting, this allows effectively all security settings to be centrally
managed via one interface available on every Internet-connected device. BCC is included at no charge with every Barracuda Firewall unit. Users
may also choose to manage each device directly through its own interface.
Underlying Technology
Hardened Operating System
Security devices protecting the network at the perimeter need to be invulnerable to attacks. Barracuda Firewall is built on a hardened Linux
operating system developed and optimized over the course of more than ten years. A customized infrastructure layer provides the basic gateway
properties and routing capabilities already in the Linux kernel. The system is protected against attacks on the system itself as well as all
application functions hosted by the system via the integration of a separate Barracuda Firewall-based host firewall, inspecting all incoming and
outgoing local traffic from and to the system.
phion Core